|
Version 0.4
|
|
Version 0.4.1
|
|
-----------
|
|
-----------
|
|
|
|
|
|
Welcome to the Developer’s guide.
|
|
Welcome to the Developer’s guide.
|
... | @@ -39,12 +39,26 @@ The easiest way to start developing your own component is to pick an |
... | @@ -39,12 +39,26 @@ The easiest way to start developing your own component is to pick an |
|
existing one which is closer to your needs and modify it to fit your
|
|
existing one which is closer to your needs and modify it to fit your
|
|
requirements.
|
|
requirements.
|
|
|
|
|
|
|
|
### Path extractors
|
|
|
|
|
|
|
|
Path extractors are used by the spider and their only job is to extract and return
|
|
|
|
a list of paths from the provided HTML document.
|
|
|
|
|
|
### Modules
|
|
### Modules
|
|
|
|
|
|
Modules are the most important type of component in the framework.<br/>
|
|
Modules are the most important type of component in the framework.<br/>
|
|
They assess and log vulnerabilities or other entities of interest during
|
|
They assess and log vulnerabilities or other entities of interest during
|
|
the scanning process.
|
|
the scanning process.
|
|
|
|
|
|
|
|
They operate under the scope of a page and are passed each page that needs to be
|
|
|
|
audited.
|
|
|
|
|
|
|
|
They are split into 2 categories, _audit_ (active) and _recon_ (passive).
|
|
|
|
Audit modules actively engage the webapp via its inputs while recon modules
|
|
|
|
perform discovery related operations like checking for certain patterns in
|
|
|
|
the page body or look for interesting files and directories on the server.
|
|
|
|
|
|
|
|
|
|
### Reports
|
|
### Reports
|
|
|
|
|
|
Reports are used to export the results of the audit in a desired format or fashion.
|
|
Reports are used to export the results of the audit in a desired format or fashion.
|
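Review bot: In the added Modules text, recon modules are labelled "_recon_ (passive)", yet the same sentence says they "look for interesting files and directories on the server", which implies they issue requests of their own. A reader who picks recon modules expecting no extra traffic to the target will be misled. Suggest describing the distinction as "does not engage the webapp's inputs" instead of "passive", or stating explicitly that recon modules may send additional requests. The list in that sentence is also not parallel: "like checking for ... or look for" should read "or looking for". The new Path extractors paragraph could say what form the returned paths take (absolute or relative), since the spider consumes them.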
... | @@ -62,8 +76,16 @@ it what it pleases. |
... | @@ -62,8 +76,16 @@ it what it pleases. |
|
|
|
|
|
Via the framework they have access to all Arachni subsystems and can
|
|
Via the framework they have access to all Arachni subsystems and can
|
|
alter or extend Arachni’s behavior on the fly.
|
|
alter or extend Arachni’s behavior on the fly.
|
|
Plug-ins run in parallel to the framework and are executed right before
|
|
Plug-ins run in parallel to the framework (and each other) and are executed right before
|
|
the scan process starts.
|
|
the scan starts.
|
|
|
|
|
|
|
|
### [RPCD Handlers](http://support.arachni-scanner.com/kb/rpc-api/writting-dispatcher-rpcd-handlers)
|
|
|
|
|
|
|
|
RPCD Handlers are server-side components which have direct access to their parent
|
|
|
|
Dispatcher and whose API can be exposed via the regular RPC interface.
|
|
|
|
|
|
|
|
These components provide a way to extend the server-side functionality with
|
|
|
|
extra features.
|
|
|
|
|
|
[Core API](http://rubydoc.info/github/Arachni/arachni)
|
|
[Core API](http://rubydoc.info/github/Arachni/arachni)
|
|
---------------------------------------------------------
|
|
---------------------------------------------------------
|
... | | ... | |
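Review bot: The new RPCD Handlers section says these components have "direct access to their parent Dispatcher" and that their API "can be exposed via the regular RPC interface", but it does not say whether that exposure is opt-in or what a handler author is expected to do about callers. Suggest adding a sentence on who can reach a handler's methods over RPC, and noting that arguments arriving that way should be validated before they touch the Dispatcher. In the Plug-ins paragraph, the added "(and each other)" sits next to "alter or extend Arachni's behavior on the fly", so plug-ins can change shared framework state concurrently; a short note on what is safe to modify from a plug-in would help. The heading link slug contains "writting"; worth confirming that it resolves.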